Daniel Underhay
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout
Daniel Underhay
Password Spraying
IP Rotation
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
Daniel Underhay
Evilginx
Phishing
AD FS
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.
Device Code Phishing: A Frontend UI
Daniel Underhay
Phishing
Tools
A framework for OAuth 2.0 device code authentication grant flow phishing.
CCTV: Now You See Me, Now You Don't
Daniel Underhay
IoT
IP Camera
CCTV
How to take over an IoT camera stream.
Adobe ColdFusion - Path Traversal Vulnerability
Daniel Underhay
CVE(s): CVE-2019-8074 Vendor: Adobe Product: ColdFusion Version(s) affected: 2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions Fixed version: 2018 Update 5, 2016 Update 12 Adobe security bulletin details Path Traversal Vulnerability (CVE-2017-5219) # By default, custom applications built using the Adobe ColdFusion platform would block access to the admin portal.